Don't call it UUID!

Author Christian Reading time 2 minutes

Made by myself https://admin.brennt.net/bl-content/uploads/pages/44e0aefb15224b22617e9f62071dda3f/uuid.jpg

This is a rant about software.

Dear Software-Vendors,
when you write that your software expects an UUID. Then please make sure that YOU actually first understand what a UUID is. Or to be precise: How the syntax of an UUID looks like and what it tries to achieve (the semantic of a UUID so to speak).

This is a UUID: 550e8400-e29b-11d4-a716-446655440000

That is: EIGHT DASH FOUR DASH FOUR DASH FOUR DASH TWELVE.
Repeat after me: 8-4-4-4-12

All those numbers are represented by strings consisting of hexadecimal characters. Meaning each and every character can either be 0-9 or a-f (NOT a-z because it's hexadecimal).
There is no "It has to be a 3 at the seventh position". No. All hexadecimal, all random. W
ell.. In UUID v4 at least. But for the sake of ranting I won't go into detail here.
You can accept upper and lowercase but that is not allowed to matter.
Similarly like upper-/lowercase in emailadresses doesn't matter.

If you request an UUID of: 9-3-4-4-12

AND/OR

expect the first character to be an upper or lowercase character

AND/OR

you accept characters from A to Z...

Then you should be ashamed and I have no words left for you.

If you then follow up with: "But it's for sEcUriTy! z0mg!" No. Just no. Stop that. Seriously.
That's just your carefully chosen incompatibility (to keep your users nicely tucked in your software ecosystem) and FUD (Fear, uncertainty and doubt). But nothing else.
Also you just broke every single tool out there which verifies and checks UUIDs. Which actually comes in very handy in.. Uhm.. Software-Security? Like you know.. Don't use the same UUID twice, etc. Or Code-Linting tools and the like - which are part of the OPERATIONAL security of your customers.
So please: Stop that BS. Seriously.

Please: Don't be that kind of software vendor. Thank you, please make sure to visit my TED-Talk. 😂

Don't get me wrong: You can make up your own unique identifier syntax. But then: DON'T call it UUID! That name is standardized world-wide with the OSF, IETF, ISO and probably many other important standardization organisations.
Instead: Feel free to create a new one of this lovingly VS3LA's (Vendor specific 3 letter acronyms) which every software vendors seems to like..
Then at least every IT person will know that we are talking about something different.